7. Sustain: Monitoring and Auditing Program Performance Flashcards

1
Q

Define Metric

A

A metric provides data that helps to answer specific questions about business operations.

An organization should develop privacy metrics.

2
Q

Types of Metric Audiences (PST)

A

Primary Audiences: legal & privacy officers, CIO, CISO, privacy managers and executives.

Secondary Audiences: department owners, HR, CFO, HIPAA Officer, IGs and training organizations.

Tertiary Audiences: external watchdog groups, sponsors and stockholders.

3
Q

Terms: Metric Owner & ROI Analysis

A

Metric Owner - responsible for managing the metric throughout its life cycle.

ROI Analysis - provides quantitative measurement for the costs, benefits, strengths and weaknesses of an organization’s privacy controls in order to maximize the benefits of investments that prevent loss.

4
Q

4 Ways to Analyze Primary Metrics (TRRM)

A
  • Trend Analysis
  • Return on Investment (ROI)
  • Business Resiliency
  • Program Maturity

Trend, ROI, Resiliency, Maturity (TRRM)

5
Q

Monitor Privacy Programs - to track compliance and risk, the organization's alignment with regulatory and legislative changes, and vulnerabilities in the internal and external environment.

A
  • Tracking Compliance and Risk
  • Tracking Regulatory and Legislative Changes
  • Tracking Environmental Vulnerabilities
6
Q

Forms of Monitoring - Privacy Program

A
  • Active Scanning Tools, e.g. Data Loss Prevention
  • Audit Activities
  • Breach Monitoring, Detection, & Notification
  • Complaint Monitoring
  • Data Retention
  • Control-Based Monitoring
  • HR Practices of Hiring & Terminations
  • Internal & External Conditions
  • Regulation-Based Monitoring
7
Q

What is a Privacy Audit?

A

Privacy Audit - involves monitoring and measuring privacy practices to comply with laws, regulations, consent orders, and industry practices.

8
Q

Audit Answers 2 Questions (OC)

A
  1. Do the privacy operations do what they were designed to do?
  2. Are the controls correctly managed?
9
Q

Program Maturity Model - the different levels:

A

Ad Hoc - informal process

Repeatable - procedures and process, not fully documented or covered

Defined - fully documented, implemented, and cover all relevant aspects

Managed - reviews are conducted to assess control effectiveness

Optimized - regular review and feedback for continual improvement

10
Q

GDPR mandated metrics for reporting

A

DPIAs conducted

DSARs received

Complaints received

Data security incidents

How many were elevated to notifications to DPAs
